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IN THE SPECIFICATION: 

Please delete the paragraph beginning on Page 2, line 31 and replace with the 
following: 

Cryptographic systems may be implanted using hardware. As an overview 
summary, hardware cryptography implementation is required in certain industrial sectors 
such as financial areas. It is important that confidential information is kept in secure 
location. A classic example is the storage of private key. Although the access to the 
private key can be limited by the data structure/nature in software (e.g. declaring the key 
as a private attribute which cannot be accessed by any outside application), the memory 
that stores the key is not protected by secure means. An intruder/adversary can read the 
key information by brutal brute memory reading or any work around. Besides secure 
storage, hardware also provides an environment to execute operations that involve 
confidential data such as digital signature and encryption. Hardware provides a secure 
means for storing confidential data and executing sensitive operations. 

Please delete the paragraph beginning on Page 4, line 3 and replace with the 
following: 

The present invention provides a method, apparatus, and computer implemented 
instructions for executing cryptographic operations in a single architecture that embraces 
the advantages of both software and hardware implementations. Responsive to a request 
to perform a cryptographic operation, one of a software process and a hardware process is 
selected (whether specified by the application or picked by the architecture according to 
some policy) for performing the cryptographic operation ba$ed on a policy which process 
results ifi-a» with available resources to perform the cryptographic operation to form a 
selected process which will yield an optimal performance. The cryptographic operation is 
performed using the selected process. 
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Please delete Hie paragraph beginning on Page 10, line 20 and replace with the 
following: 

API interface 304 provides a common interface for applications requiring 
cryptographic operations. Through API interface 304 allows application to make calls or 
send requests for cryptographic operations without requiring application to format these 
calls or requests a particular process within cryptographic systems 302. Thus, if different 
hardware and software processes are implemented for hardware cryptographic process 
308 and software cryptographic process 310, applications are not required to make 
different calls and request for each particular process. API interface 304 translates the 
request or call from an application, such as, application 3©9 300 . into the appropriate 
format for a particular cryptographic process within cryptographic system 302. 

Please delete the paragraph beginning on Page 11, line 30 and replace with the 
following: 

Hardware cryptographic process 308 and software cryptographic process 310 may 
b e implemented uoing implement any of the known algorithms, such as, for example, 
Rivest-Shamir-Adleman (RSA) cryptographic algorithms, Digital Signature Algorithm 
(DSA), and Diffic-Helman Cryptographic algorithms. 

Please delete the paragraph beginning on Page 12, line 14 and replace with the 
following: 

If, however, no particular type of process is requested by application 300, policy 
engine 30© 306 may select the particular type of process using a predefined set of rules. 
For example, policy engine 306 may include rules that select the particular process based 
on available resources in the data processing system. The rules may select the process, 
which uses the least amount of available resources or particular resources. The particular 
process any also be selected based on the process that provides the fastest processing. 
The set of rules may leverage the workload of the hardware/software. For example, if 
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hardware is in use by another application, software will be used, and this rule will be a 
predefined dominant factor. An example of another rule is if the service is encryption, 
only hardware implementation is used. This type of rule is performance oriented to 
provide the fastest implementation. Further, in these examples, policy engine 306 is not 
statically configured. An application can configure policy engine 306 dynamically as 
desired. Different applications can concurrently run on this architecture with different 
configurations. It is up to the application whether it wants to dynamically change the 
configuration or predefine the usage of each algorithm services. 

Please delete the paragraph beginning on Page 16, line 22 and replace with the 
following: 

The process begins by receiving a request (step 600). Thereafter, one or more 
cryptographic operation operations are identified by the request (step 602). The 
mechanism of the present invention allows for breaking down a request into different 
cryptographic operations and selecting the type of cryptographic processes best for each 
operation based on a policy. Many of the cryptographic algorithms are a combination of 
several cryptographic algorithms. For instance, digital signature composes of message 
digest and public private key encryption. Less sensitive operations such as message 
digest may be performed by the faster implementation, software, while the more sensitive 
operation, encryption, may be performed by the more secure hardware. 

Please delete the paragraph beginning on Page 29, line 7 and replace with the 
following: 

The present invention provides a method, apparatus, and computer implemented 
instructions for executing cryptographic operations. Responsive to a request to perfoim a 
cryptographic operation, one (or more) of a software process and a hardware process is 
selected for performing the cryptographic operation based on a policy which process 
results ia-a with available resources to perform the cryptographic operation to form a 
selected process. The cryptographic operation is performed using the selected process. 

Page 4 of 22 
Leung etal.- 09/738,243 

PAGE 6/24 * RCVD AT 9/2312004 3:55:28 PM [Eastern Daylight Time] * SVR:USPT0£FXRMf8 ' DNIS:8729306 * CSID:9723672008 * DURATION (mm-ss):06-50 



09/23/2004 14:53 9723672008 YEE & ASSOCIATES PAGE 07 



Necessary object conversions, which is transparent to the application, is carried out in 
order to convert objects to usable forms of the selected process(es). 
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